bool getRawCookies(const NetworkStorageSession& session, const KURL& /*firstParty*/, const KURL& url, Vector<Cookie>& rawCookies)
{
rawCookies.clear();
RetainPtr<CFURLRef> urlCF = adoptCF(url.createCFURL());
bool sendSecureCookies = url.protocolIs("https");
RetainPtr<CFArrayRef> cookiesCF = adoptCF(CFHTTPCookieStorageCopyCookiesForURL(session.cookieStorage().get(), urlCF.get(), sendSecureCookies));
CFIndex count = CFArrayGetCount(cookiesCF.get());
rawCookies.reserveCapacity(count);
for (CFIndex i = 0; i < count; i++) {
CFHTTPCookieRef cookie = (CFHTTPCookieRef)CFArrayGetValueAtIndex(cookiesCF.get(), i);
String name = cookieName(cookie).get();
String value = cookieValue(cookie).get();
String domain = cookieDomain(cookie).get();
String path = cookiePath(cookie).get();
double expires = (cookieExpirationTime(cookie) + kCFAbsoluteTimeIntervalSince1970) * 1000;
bool httpOnly = CFHTTPCookieIsHTTPOnly(cookie);
bool secure = CFHTTPCookieIsSecure(cookie);
bool session = false; // FIXME: Need API for if a cookie is a session cookie.
rawCookies.uncheckedAppend(Cookie(name, value, domain, path, expires, httpOnly, secure, session));
}
return true;
}
void WebSessionManager::addCookie(const std::string& appName, const Poco::Net::HTTPServerRequest& request, WebSession::Ptr pSession)
{
Poco::Net::HTTPCookie cookie(cookieName(appName), pSession->id());
if (_cookiePersistence == COOKIE_PERSISTENT)
{
cookie.setMaxAge(pSession->timeout());
}
cookie.setPath(cookiePath(appName));
cookie.setDomain(cookieDomain(appName));
cookie.setHttpOnly();
request.response().addCookie(cookie);
}
std::string WebSessionManager::getId(const std::string& appName, const Poco::Net::HTTPServerRequest& request)
{
std::string id;
std::string name(cookieName(appName));
NameValueCollection cookies;
request.getCookies(cookies);
NameValueCollection::ConstIterator it = cookies.find(name);
if (it != cookies.end())
id = it->second;
return id;
}
std::string WebSessionManager::cookieName(const std::string& appName)
{
std::string cookieName(COOKIE_NAME);
if (!appName.empty())
{
std::string::size_type pos = appName.find('@');
if (pos == std::string::npos) pos = appName.find('/');
if (pos == std::string::npos) pos = appName.size();
cookieName.append(".");
cookieName.append(appName, 0, pos);
}
return cookieName;
}
void deleteCookie(const NetworkStorageSession& session, const KURL& url, const String& name)
{
RetainPtr<CFHTTPCookieStorageRef> cookieStorage = session.cookieStorage();
RetainPtr<CFURLRef> urlCF = adoptCF(url.createCFURL());
bool sendSecureCookies = url.protocolIs("https");
RetainPtr<CFArrayRef> cookiesCF = adoptCF(CFHTTPCookieStorageCopyCookiesForURL(cookieStorage.get(), urlCF.get(), sendSecureCookies));
CFIndex count = CFArrayGetCount(cookiesCF.get());
for (CFIndex i = 0; i < count; i++) {
CFHTTPCookieRef cookie = (CFHTTPCookieRef)CFArrayGetValueAtIndex(cookiesCF.get(), i);
if (String(cookieName(cookie).get()) == name) {
CFHTTPCookieStorageDeleteCookie(cookieStorage.get(), cookie);
break;
}
}
}
void deleteCookie(const Document*, const KURL& url, const String& name)
{
CFHTTPCookieStorageRef cookieStorage = currentCookieStorage();
if (!cookieStorage)
return;
RetainPtr<CFURLRef> urlCF(AdoptCF, url.createCFURL());
bool sendSecureCookies = url.protocolIs("https");
RetainPtr<CFArrayRef> cookiesCF(AdoptCF, CFHTTPCookieStorageCopyCookiesForURL(cookieStorage, urlCF.get(), sendSecureCookies));
CFIndex count = CFArrayGetCount(cookiesCF.get());
for (CFIndex i = 0; i < count; i++) {
CFHTTPCookieRef cookie = (CFHTTPCookieRef)CFArrayGetValueAtIndex(cookiesCF.get(), i);
if (String(cookieName(cookie).get()) == name) {
CFHTTPCookieStorageDeleteCookie(cookieStorage, cookie);
break;
}
}
}
static RetainPtr<CFArrayRef> filterCookies(CFArrayRef unfilteredCookies)
{
CFIndex count = CFArrayGetCount(unfilteredCookies);
RetainPtr<CFMutableArrayRef> filteredCookies = adoptCF(CFArrayCreateMutable(0, count, &kCFTypeArrayCallBacks));
for (CFIndex i = 0; i < count; ++i) {
CFHTTPCookieRef cookie = (CFHTTPCookieRef)CFArrayGetValueAtIndex(unfilteredCookies, i);
// <rdar://problem/5632883> CFHTTPCookieStorage would store an empty cookie,
// which would be sent as "Cookie: =". We have a workaround in setCookies() to prevent
// that, but we also need to avoid sending cookies that were previously stored, and
// there's no harm to doing this check because such a cookie is never valid.
if (!CFStringGetLength(cookieName(cookie).get()))
continue;
if (CFHTTPCookieIsHTTPOnly(cookie))
continue;
CFArrayAppendValue(filteredCookies.get(), cookie);
}
return filteredCookies;
}
